simo5
commented
6 months ago Hi Volker, in what case does this happens?
I wonder if we should rather return an error if the oldset is empty.
Closed vlendec closed 6 months ago
simo5
commented
6 months ago Hi Volker, in what case does this happens?
I wonder if we should rather return an error if the oldset is empty.
vlendec
commented
6 months ago I'm playing with the gssproxy protocol, and got mechglue to crash. This is not with the upstream gssproxy daemon that this project provides, but I thought it might be worthwhile to not crash unsuspecting clients no matter what happens on the daemon side. See also the SIGPIPE patch of a while ago. With the real gssproxy this should never happen.
simo5
commented
6 months ago I see, would you mind changing the patch to return an error instead of success + empty set ? I think empty set will fix the segfault of course, but will also mask that incorrect (missing) data is being returned.
vlendec
commented
6 months ago Sure, but I guess this should happen when parsing the bytes coming from the server. Let's close this PR, I'll take a fresh look.
Protect mechglue against 0-length OID_set coming from the gssproxy